This action might not be possible to undo. Are you sure you want to continue?
IN RE APPLICATION OF THE UNITED | STATES OF AMERICA FOR AN ORDER | PURSUANT TO 18 U.S.C 2703(d) | _______________________________________|
MISC NO. 10GJ3793 1:11-DM-00003
BRIEF OF ONLINE PRIVACY RESEARCHERS, PRO SE, AS AMICI CURIAE IN SUPPORT OF PETITIONERS’ MOTION OF OBJECTION TO MARCH 11, 2011 ORDER DENYING MOTION TO VACATE AND DENYING IN PART MOTION TO UNSEAL
Table of Contents
STATEMENT OF INTEREST OF AMICI CURIAE ............................................................................................ 1 SUMMARY OF ARGUMENT ....................................................................................................................... 1 RELEVANT FACTS ....................................................................................................................................... 2 ACADEMIC STUDIES REVEAL THAT USERS NEITHER READ NOR UNDERSTAND PRIVACY POLICIES .......... 3 STATEMENTS BY GOVERNMENT OFFICIALS CONFIRM THAT USERS DO NOT READ PRIVACY POLICIES .. 6 . CONCLUSION ............................................................................................................................................. 7
STATEMENT OF INTEREST OF AMICI CURIAE
Amici are academics and researchers from the fields of computer science, psychology, and law who focus on online privacy: 1 Dr. Kelly Caine, Principal Research Scientist in the Center for Law, Ethics and Applied Research in Health Information and the School of Informatics and Computing, Indiana University Danielle Keats Citron, Professor of Law, University of Maryland School of Law Dr. Serge Egelman Jerry Kang, Professor of Law, UCLA School of Law Dr. Aleecia M. McDonald Frank A. Pasquale, Schering-Plough Professor in Health Care Regulation and Enforcement, Seton Hall Law School, Visiting Fellow, Princeton University Center for Information Technology Policy Len Sassaman, Researcher, Katholieke Universiteit Leuven (Belgium) Jason M. Schultz, Assistant Clinical Professor of Law, Director, Samuelson Law, Technology & Public Policy Clinic, UC Berkeley School of Law Wendy Seltzer, Associate Research Scholar, Center for Information Technology Policy, Princeton University Christopher Soghoian, Graduate Fellow, Center for Applied Cybersecurity Research, Indiana University Dr. Michael Zimmer, Assistant Professor, School of Information Studies, Co-Director, Center for Information Policy Research, University of Wisconsin-Milwaukee
No party’s counsel authored the brief in whole or in part. No party or a party’s counsel contributed money that was intended to fund preparing or submitting the brief. No person— other than the amici curiae, its members, or its counsel—contributed money that was intended to fund preparing or submitting the brief.
SUMMARY OF ARGUMENT
Amici submit this brief in their individual capacities. The affiliations listed are for identification purposes only. 2 Petitioners argue that they have a reasonable expectation of privacy in their IP addresses. Amici do not take a position here on this broader issue, but focus solely on the impact that disclosures in privacy policies may have on a person’s reasonable expectation of privacy.
of terms may constitute a contract under certain circumstances, this legal construct for private obligations has limited bearing on whether a user’s expectation of privacy against government intrusion is objectively reasonable and protected by the Fourth Amendment.
In re § 2703(d) Order; 10GJ3793., 2011 WL 900120, at 13 (E.D. Va. Mar. 11, 2011). Id at n.6. 5 Id at 13.
ACADEMIC STUDIES REVEAL THAT USERS NEITHER READ NOR UNDERSTAND PRIVACY POLICIES
growing body of empirical research confirms that consumers ignore terms of services, end user license agreements, and privacy policies online. A study conducted by researchers at New York University in 2007 observed the Internet browsing behavior of over 45,000 web users. The researchers found that “only one or two out of every thousand retail software shoppers chooses to access the license agreement, and those few that do spend too little time, on average, to have read more than a small portion of the license text."8 A survey of more than 2000 people by Harris Interactive in 2001 found that more than 60 percent of consumers said they had either "spent little or no time looking at websites' privacy policies" or "glanced through websites' privacy policies, but… rarely read them in depth." Of those individuals surveyed, only 3 percent said that "most of the time, I carefully read the privacy policies of the websites I visit."9 Among 222 study participants of the 2007 Golden Bear Omnibus Survey, the Samuelson Clinic at the University of California, Berkeley found that only 1.4 percent reported reading end user license agreements (EULAs) often and thoroughly, while 66.2 percent admitted to rarely reading or browsing the contents of EULAs, and 7.7 percent indicated that they had not noticed these agreements in the past or had never read them.10 An earlier study by a researcher at the University of California, Berkeley found that the majority of users ignored the EULA entirely when installing such popular software as Google Toolbar on their home computers.11
people click to accept without reading the text.”); Robert A. Hillman & Jeffrey J. Rachlinski, StandardForm Contracting in the Electronic Age, 77 N.Y.U. L. Rev. 429, 429-31 (2002) (“with increasing alacrity, people agree to terms [in clickwrap contracts] by clicking away at electronic standard forms on web sites and while installing software.”); Michael I. Meyerson, The Reunification of Contract Law: The Objective Theory of Consumer Form Contracts, 47 U. Miami L. Rev. 1263, 1269 & nn.28–29 (1993) (citing cases recognizing the failure of most consumers to read form contracts); See also Ting v. AT & T, 182 F. Supp. 2d 902, 930 (N.D. Cal. 2002) (holding a customer service agreement procedurally unconscionable because lack of notice contributed to surprise, the court acknowledged that “AT&T's own research found that only 30% of its customers would actually read the entire CSA [consumer service agreement] and 10% of its customers would not read it at all”). 8 Yannis Bakos, Florencia Marotta-Wurgler & David R. Trossen, Does Anyone Read the Fine Print? Testing a Law and Economics Approach to Standard Form Contracts (N.Y.U. Law & Economics Research Paper No. 09-40, October 6, 2009), available at http://ssrn.com/abstract=1443256. 9 http://www.ftc.gov/bcp/workshops/glb/supporting/harris%20results.pdf 10 Joseph Turow et al., The Federal Trade Commission and Consumer Privacy in the Coming Decade, 3 I/S: J.L. & Pol’y for Info. Soc’y 723, 740 (2007) available at http://www.ntia.doc.gov/comments/100402174-0175-01/attachments/FTC_and_privacy.pdf. 11 Nathaniel Good et al., Commentary, User Choices and Regret: Understanding Users’ Decision Process About Consensually Acquired Spyware, 2 I/S: J.L. & Pol’y for Info. Soc’y 283, 321 (2006).
Larry Magid, It Pays To Read License Agreements (2005), available at http://techtalk.pcpitstop.com/2009/12/14/4-years-later-pc-pitstop-eula-experiment-still-the-buzz/ 13 Joseph Turrow, Deirdre K. Mulligan and Chris Jay Hofnagle, Research Report: Consumers Fundamentally Misunderstand The Online Advertising Marketplace (2007), available at http://groups.ischool.berkeley.edu/samuelsonclinic/files/annenberg_samuelson_advertising.pdf 14 Aleecia McDonald and Lorrie Cranor, The Cost of Reading Privacy Policies, 4 I/S: J.L. & Pol’y for Info. Soc’y (2008) available at http://lorrie.cranor.org/pubs/readingPolicyCost-authorDraft.pdf 15 See Robert W. Gomulkiewicz, Getting Serious About User-Friendly Mass Market Licensing for Software, 12 Geo. Mason L. Rev. 687, 692–94, 701–02 (2004). 16 See Alan M. White & Cathy Lesser Mansfield, Literacy and Contract, 13 Stan. L. Rev. 233, 235–42 (2002).
were beyond the grasp of 56.6% of the Internet population, requiring the equivalent of more than fourteen years of education. Eight policies (13%) were beyond the grasp of 85.4% of the Internet population, requiring the equivalent of a postgraduate education. Overall, a large segment of the population can only reasonably be expected to understand a small fragment of the policies posted.17
STATEMENTS BY GOVERNMENT OFFICIALS CONFIRM THAT USERS DO NOT READ PRIVACY POLICIES
In addition to the large body of academic research confirming that users do not read privacy policies, several senior government officials have acknowledged these findings in public statements. During his introductory remarks at a privacy round table event in December 2009, Federal Trade Commission (FTC) Chairman Jon Leibowitz told those assembled in the room that: “We all agree that consumers don’t read privacy policies – or EULAs, for that matter.”18 Similarly, in an August 2009 interview, David Vladeck, the Director of the FTC's Bureau of Consumer Protection told the New York Times that: “Disclosures are now written by lawyers, they’re 17 pages long. I don’t think they’re written principally to communicate information; they’re written defensively. I’m a lawyer, I’ve been practicing law for 33 years. I can’t figure out what the hell these consents mean anymore. And I don’t believe that most consumers either read them, or, if they read them, really understand it. Second of all, consent in the face of these kinds of quote disclosures, I’m not sure that consent really reflects a volitional, knowing act.”19 (emphasis added). Even the Chief Justice of the US Supreme Court has weighed in on the issue. While speaking in Buffalo, NY last year, Chief Justice Roberts answered a student question by admitting he doesn’t usually read the terms of service or privacy policies, according to the Associated Press:
Carlos Jensen and Colin Potts, Privacy policies as decision-making tools: an evaluation of online privacy notices. In Proceedings of the SIGCHI conference on Human factors in computing systems (CHI '04). ACM, New York, NY, USA, 471-478 (2004), available at http://lib.zstu.edu.cn/res_base/lib_com_www/upload/article/file/2010_3/7_12/f4ywgbiwtpjn.pdf. 18 Jon Leibowitz, Chairman, Fed. Trade. Comm’n, Introductory Remarks at the FTC Privacy Roundtable (Dec. 7, 2009) available at http://www.ftc.gov/speeches/leibowitz/091207privacyremarks.pdf. 19 An Interview with David Vladeck of the F.T.C. (Aug. 5, 2009), http://mediadecoder.blogs.nytimes.com/2009/08/05/an-interview-with-david-vladeck-of-the-ftc/.
It has "the smallest type you can imagine and you unfold it like a map," he said. "It is a problem," he added, "because the legal system obviously is to blame for that." Providing too much information defeats the purpose of disclosure, since no one reads it, he said. "What the answer is," he said, "I don’t know."20
Dated: March 28, 2011
By: ______________________________ Christopher Soghoian (pro se) Graduate Fellow, Center for Applied Cybersecurity Research Indiana University PO Box 2266 Washington, DC 20013 Telephone: 617-308-6368 Email: firstname.lastname@example.org
Debra Cassens Weiss, Chief Justice Roberts Admits He Doesn’t Read the Computer Fine Print (Oct. 20, 2010), http://www.abajournal.com/weekly/article/chief_justice_roberts_admits_he_doesnt_read_the_computer_fi ne_print.
This action might not be possible to undo. Are you sure you want to continue?
We've moved you to where you read on your other device.
Get the full title to continue listening from where you left off, or restart the preview.